Re[4]: Apache Authentication

Hello rsequeira, Good point. However, that means you have to keep your user authentication info in two different places...unless you are pulling the info a single source such as JNDI or JDBC for both Apache and Tomcat. Also, in that case, the structure of the JNDI and JDBC entries for both

Re: Re[2]: Apache Authentication

Just a thought, might not be true (since I haven't checked this behaviour). When you go through Apache (and if Apache has BASIC authentication setup), the Apache authentication will take precedence. Once you have entered the userid/password in the authentication dialog box, the browser

Re[2]: Apache Authentication

n again by Tomcat. However, in this setup, if you went to port 8080, directly to Tomcat, then it would work fine. So, you kind of need to make a choice as to whether to disable the authentication set in web.xml and just use Apache or just let Apache forward the request without asking for authenti

Re[2]: Apache Authentication

h and then access via port 80 through Apache+mod_jk, you will be prompted to log in there and then again in your app. Anyone have a solution for this? Jake Monday, July 22, 2002, 1:11:15 PM, you wrote: KA> OK, KA> So what if I want in one application to use Tomcat Authentication and

RE: Apache Authentication

OK, So what if I want in one application to use Tomcat Authentication and in the other use Apache's Authentication. Is that possible?? Thanks, Kevin Kevin Andryc Web Systems Engineer MISER http://www.umass.edu/miser/ Phone: (413)-545-3460 [EMAIL PROTECTED] -Original Message-

Re: Apache Authentication

o grab the auth info from Apache? Jake Monday, July 22, 2002, 12:55:31 PM, you wrote: KA> I just converted over from Tomcat 3.2.X to Tomcat 4.0.4 on Linux using KA> Apache 1.3.26. In the Apache httpd.conf file, we have an Alias that points KA> to a directory that uses Apache's aut

Apache Authentication

I just converted over from Tomcat 3.2.X to Tomcat 4.0.4 on Linux using Apache 1.3.26. In the Apache httpd.conf file, we have an Alias that points to a directory that uses Apache's authentication. In Tomcat 3.2.X, I used mod_jserv which integrated well and I could get the remote user an

Custom Tomcat Container Authentication?

Can I create my own custom authentication modules by implementing the Role interface inside tomcat or extending some other classes? Is there any documentation on this subject? There only seem to be a few methods that need to be implemented so that the container can communicate properly. My

HTTP Digest authentication and Tomcat 4.0.2

Hi Folks, I'm trying to setup a web app protected with an http digest authentication. Everything looks fine, except that Tomcat behaves like my username/password were always wrong. I tested it against the following clients (supporting digest auth of course) : - Opera 6.0 - Internet Exp

authentication problem

urity constraint, why is it prompting me to login? BTW, the username and password used to authenticate to index.jsp don't work in the "re-authentication". My web.xml is listed below. http://java.sun.com/j2ee/dtds/web-app_2_2.dtd";> Test Test D

Using tomcat's Realm as the authentication mechanism and access via mod_webapp

I find that this setup work if apache is 2.0.36 but not 2.0.39 If for 2.0.39, access via mod_jk will work but not mod_webapp Do anyone experience the same thing and know the reason?? Thx. and Regards. Steve.

Authentication and role management

This is my first post to the tomcat list, so hello all. I am working on a project to automate management of a service via a web interface. I need to be able to authenticate users of my software and assign roles to them. So far, standard Realm stuff. But I have a couple of hiccups. Firstly, I do

servlet authentication

To test servlet-based authentication, I have a two line servlet. response.sendError(response.SC_UNAUTHORIZED); response.setHeader("WWW-Authenticate", "BASIC realm=\"test\""); Here is the output I get: $ telnet localhost 8080 Trying 127.0.0.1...

Re: SSL and Authentication

to authenticate himself. When the user requests a page through SSL (.../location=https:8443/mysite/../Registration.jsp), he is again asked to authenticate himself. What I want is: 1) The user to be able to access index.html (and a few other pages) withought authentication. I'd rather not h

SSL and Authentication

mself. When the user requests a page through SSL (.../location=https:8443/mysite/../Registration.jsp), he is again asked to authenticate himself. What I want is: 1) The user to be able to access index.html (and a few other pages) withought authentication. I'd rather not have to enter

Re: Authentication checking.

Thanks, I could have tracked it down eventually, but I think I should be able to find what I wanted much faster with your pointers. Craig R. McClanahan wrote: >For obvious security reasons, the Catalina internal classes are protected >from access by webapps, unless you are specifically configu

User authentication Tomcat 3.2.2

I am running Tomcat 3.2.2 on a win2k server as a stand alone web server (part of video conferencing software for administration purposes). I was wondering if there was a way when someone hits the page to have the server prompt for user name and password. In security, for the folder, I removed

Authentication Example in Tomcat

I was just wondering where I can find more information about the security example found in Tomcat 4.0 (TOMCAT_HOME/webapps/examples/jsp/security/protected). I am not sure I understand how it works. In the element it calls "j_security_check". Is this something unique to Tomcat? Also, I looked at s

Re: Authentication checking.

On Wed, 26 Jun 2002, Robert Sanders wrote: > Date: Wed, 26 Jun 2002 19:45:02 -0500 > From: Robert Sanders <[EMAIL PROTECTED]> > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > To: Tomcat Users List <[EMAIL PROTECTED]> > Subject: Re: Authentication checking.

Re: Authentication checking.

Yeah, this is sort of what I had been thinking. Then I got to looking at the Catalina JavaDocs and it seemed to me that if I could get a valid org.apache.catalina.core.StandardContext Object for the current web-app then I could get the SecurityConstraint[] Array using findConstraints() and

Re: Authentication checking.

On Tue, 25 Jun 2002, Robert Sanders wrote: > Date: Tue, 25 Jun 2002 22:00:06 -0500 > From: Robert Sanders <[EMAIL PROTECTED]> > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > To: Tomcat Users List <[EMAIL PROTECTED]> > Subject: Re: Authentication checkin

Servlet for authentication of Apache2.0.39

This doPost works fine in Apache2.0.36 to pop up an authentication window in the browser. public void doPost(HttpServletRequest req, HttpServletResponse response) throws ServletException, IOException +AHs- PrintWriter out +AD0- response.getWriter

Re: Authentication

nal Message - >From: "Mike Hulse" <[EMAIL PROTECTED]> >To: "Tomcat Users List" <[EMAIL PROTECTED]> >Sent: Tuesday, June 25, 2002 12:07 PM >Subject: Authentication > > > > >>Is there some kind of smiple authentication in tomcat 4.0.

Re: Authentication

I don't believe that many browsers support DIGEST. That's one of the reasons it's not used often. - Original Message - From: <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Tuesday, June 25, 2002 4:23 PM Subject: Re: Authentica

Re: Authentication

s List" <[EMAIL PROTECTED]> To:"Tomcat Users List" <[EMAIL PROTECTED]> cc: Subject:Re: Authentication Thanks that worked good. Just one other question. Do you know any other other than BASIC and FORM or where there is greater detail of the values allowed?

Re: Authentication

I, personally, am quite stumped. I'm not sure what you mean when you say "greater detail of values allowed". I am going to guess (as dangerous as that may be =) that what you're speaking about is easier user administration. If that assumption is correct, I suggest you take a look at the JDBCRea

Re: Authentication

day, June 25, 2002 1:21 PM Subject: Re: Authentication > >See your and tags in your >webapplications web.xml file and TC\conf\tomcat-users.xml file. > >RS > > > > > > > >"Mike Hulse" <[EMAIL PROTECTED]> on 06/25/2002 12:07:56 PM > >Pl

Re: Authentication

!! - Original Message - From: <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Tuesday, June 25, 2002 12:19 PM Subject: Re: Authentication > > See your and tags in your > webapplications web.xml file and TC\conf\tomcat-users.xml file. >

Re: Authentication

heir mailing list. Please help me if you can. Thank you!! - Original Message - From: "Mike Hulse" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Tuesday, June 25, 2002 12:07 PM Subject: Authentication > Is there some kind of smiple

Re: Authentication

ist" <[EMAIL PROTECTED]> cc: Subject: Authentication Is there some kind of smiple authentication in tomcat 4.0.4 that is similar to the Apache authentication: AuthName machineID AuthType Basic PasswdFile %%SYSTEM%% GroupFile /www/groupFile.txt require group Mygroup Order all

Authentication

Is there some kind of smiple authentication in tomcat 4.0.4 that is similar to the Apache authentication: AuthName machineID AuthType Basic PasswdFile %%SYSTEM%% GroupFile /www/groupFile.txt

Re: Problem with authentication through mod_webapp

Hi Richard, No, I'm using FORM based authentication and the login page shows up when I try to access a resource inside a protected area, but no matter which account I try to log on with I just get to the login failed page. Does anyone have a JDBC Realm up and running together with mod_w

SSL Client authentication

Hi all, I am using SSL client authentication on Tomcat 4.0.1 but I am getting some errors. I've enabled client authentication in server.xml and I've created all the certificates. If somebody has some experience in similar configurations please have a look to the steps I followed and l

Re: Problem with authentication through mod_webapp

Do you use the basic authentication method? Maybe try the form authentication method. Because apache also has a basic authentication method, maybe these two don't get along. Markus Kirsten wrote: > Hi, > I've successfully set up a JDBC Realm for my application that works >

Problem with authentication through mod_webapp

Hi, I've successfully set up a JDBC Realm for my application that works perfectly when I'm going straight to Tomcat (that is using port 8080) but not when I'm trying to access it trough Apache (with mod_webapp). Authentication always fails when I'm going through mod_webap

Tomcat Authentication: how to use CredentialsInterceptor?

Hi, I'm new to the Tomcat user list. I want to use Tomcat authentication with SimpleRealm. I read the documentation, my servlet requires userid and password. What am I supposed to do to pass it to CredentialsInterceptor (right now servlet.xml "authentication block" is as foll

RE: JNDIRealm authentication

Where does the value of come from? Thanks for all your help. , Josh. -Original Message- From: Jonathan Eric Miller [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 12, 2002 2:21 PM To: Tomcat Users List Subject: Re: JNDIRealm authentication Josh, You also need to put something

RE: JNDIRealm authentication

tionPassword, in , should > be? I tried it with a value of "secret", but I get > an error when Tomcat > starts: > javax.naming.AuthenticationException: [LDAP: error > code 48 - Inappropriate > Authentication] > > > > I'm trying to do LDAP authenticatio

Re: JNDIRealm authentication

: "Josh Fenlason" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Wednesday, June 12, 2002 4:10 PM Subject: RE: JNDIRealm authentication > Thanks for the pointer. It's prompting me for authentication now. My > isn't right t

RE: JNDIRealm authentication

Thanks for the pointer. It's prompting me for authentication now. My isn't right though. using the Realm element below I get the following exception. If anyone has any ideas of what I'm doing wrong, I would appreciate your advice. Thanks. , Josh. ldap://camaro.mn.ptc.com:389

RE: JNDIRealm authentication

Does anyone know what the value of connectionPassword, in , should be? I tried it with a value of "secret", but I get an error when Tomcat starts: javax.naming.AuthenticationException: [LDAP: error code 48 - Inappropriate Authentication] > > I'm trying to do LDAP authe

Re: JNDIRealm authentication

e introduced if you're using Apache HTTP Server on the front end. Jon - Original Message - From: "Jonathan Eric Miller" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Wednesday, June 12, 2002 2:20 PM Subject: Re: JNDIRealm authent

Re: JNDIRealm authentication

OTECTED]> Sent: Wednesday, June 12, 2002 1:18 PM Subject: JNDIRealm authentication > I'm trying to do LDAP authentication with Tomcat 4.1.3. I've read through > the how to docs on Tomcat's site, > http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#JNDIRealm,

JNDIRealm authentication

I'm trying to do LDAP authentication with Tomcat 4.1.3. I've read through the how to docs on Tomcat's site, http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#JNDIRealm, and tried to follow the example. My site loads fine, but I never get an authentication prompt

Re: LDAP Authentication with Tomcat 4.1.3

Have a look at these links. There is some new functionality in Tomcat 4.1 that isn't mentioned in the main end-user document yet that is in the second link. Namely, how to get it to bind as a user to do the authentication rather than querying for a password and comparing it.

RE: Black magic Authentication Digest and JDBC Realm on Tomcat 4 .0.3

> -Original Message- > From: PATTUS Jean-Philippe [mailto:[EMAIL PROTECTED]] > Sent: 12 June 2002 14:49 > To: [EMAIL PROTECTED] > Subject: TR: Black magic Authentication Digest and JDBC Realm > on Tomcat 4 .0.3 > > > Nobody for my little p

TR: Black magic Authentication Digest and JDBC Realm on Tomcat 4.0.3

Nobody for my little pb, should i try black magic? > -Message d'origine- > De: PATTUS Jean-Philippe [SMTP:[EMAIL PROTECTED]] > Date: mercredi 12 juin 2002 10:46 > À:[EMAIL PROTECTED] > Objet: Authentication Digest and JDBC Realm on Tomcat 4.0.3 > &g

RE: LDAP Authentication with Tomcat 4.1.3

I used to use Apache1.3.24 and Tomcat 3.2 and I did the ldap authentication from Apache with two ou entries. Now I'm moving to Apache2 but the ldap authentication modules don't seem to work, so I need to get Tomcat to do the ldap authentication. If anyone could give me a pointe

RE: LDAP Authentication with Tomcat 4.1.3

Is having two OU entries OK? Best Wishes John Burgess [EMAIL PROTECTED] Tel: 01865 718666 Fax: 01865 718600 -Original Message- From: Josh Fenlason [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 11, 2002 9:12 PM To: Tomcat Subject: LDAP Authentication with Tomcat 4.1.3 I'm tryi

Authentication Digest and JDBC Realm on Tomcat 4.0.3

Hello, I'm working on Tomcat 4.0.3. i'm trying to put an authentication on my web app, if the auth-method is BASIC and the Realm is it works fine. But, if i replace BASIC by DIGEST, my authentication is KO. I've seen in the code that JDBCRealm::getPassword() alw

LDAP Authentication with Tomcat 4.1.3

I'm trying to do LDAP Authentication in Tomcat 4.1.3. I found some a couple of links that said to use LDAPRealm in Tomcat's server.xml, but I still haven't had any luck. Has anyone else been able to get this to work? Here are the two Realm elements that I've tried in s

RE: JDBC BASIC authentication and SSL

EMAIL PROTECTED]] Sent: 11 June 2002 17:01 To: Tomcat Users List Subject: Re: JDBC BASIC authentication and SSL When you say that you configured SSL to work, do you mean you enabled HTTPS? You may also want to enable SSL for the JDBC connection assuming the database server is on a different host

Re: JDBC BASIC authentication and SSL

ot;Sefton, Adam" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Tuesday, June 11, 2002 10:44 AM Subject: JDBC BASIC authentication and SSL > I am running Tomcat 4.0.3 standalone on Win2k. > > I've configured SSL to wor

JDBC BASIC authentication and SSL

I am running Tomcat 4.0.3 standalone on Win2k. I've configured SSL to work and have JDBC realm authentication working correctly, with BASIC authentication - is this now encrypted? So any admin servlet I write to add new users to the database .. will the passwords be encrypted? Or do I ne

Re: AJPV13 + BASIC authentication bug fixed?

Hi Mirko, I didn't know that. 4.0.3 seems to work fine for me with BASIC authentication as well as form based through Apache as well as directly. Or do you mean if you set up HTTP Authentication in Apache? Markus On tisdag, juni 11, 2002, at 09:18 , Klemm, Mirko wrote: > Hi, &g

AJPV13 + BASIC authentication bug fixed?

Title: AJPV13 + BASIC authentication bug fixed? Hi, Tomcat 4.0.1 had a bug that prevented BASIC authentication from working through Apache and AJPv13. The release notes are a bit unclear about whether this bug has been fixed with 4.0.3 or not. Does anyone know? Regards, Mirko taskarena

Help: Using FORM based authentication

Hi all, I am using FORM Based authentication. I have my web.xml as followed: .. CSD_COS_TRACKER /csd/marketing/clinicaloutcomestudies/tracker/* csd_cos

Re: How can I disable "authentication" in Tomcat 4?

Subject: Re: How can I disable "authentication" in Tomcat 40 41 42 43 44 45 46 47 48 49 From: "Chris Miller" <[EMAIL PROTECTED]> === Look for a tag and a tag in your web.xml file. Removing them should solve the problem. "Luca Ventura" <[EMAIL PROTECTED]&

How can I disable "authentication" in Tomcat 4?

authenticate (it asks me the login and the password)! I have searched in the Tomcat 4's documentation and on the Jakarta's site to avoid this problem but unsuccessfully.how can avoid that Tomcat ask me for authentication? Can someone help me, please? Thanks a lot! Lu

Re: Logout using FORM based authentication

. By that I mean that by using a filter, you can configure the security in the web.xml file, rather then having to add tags or other logic to pages in order to protect them. Best of luck, Eric Everman At 03:12 PM 6/7/2002, you wrote: >Hi Eric, >Thank you for verifying that. I've

Re: Logout using FORM based authentication

Hi Eric, Thank you for verifying that. I've actually made my own authentication before but when I read about container-managed authentication I realised that that was exactly what I was looking for. Is there any reason for keeping the users login as a session attribute or is it better t

Re: Logout using FORM based authentication

6/7/2002, you wrote: >Hi, >I use a JDBC Realm with FORM based authentication but haven't figured out >a way for users to log out. Is it just to call session.invalidate() or is >there any better way to do it? > > >Markus > > >-- >To unsubscribe, e-mail: <

Logout using FORM based authentication

Hi, I use a JDBC Realm with FORM based authentication but haven't figured out a way for users to log out. Is it just to call session.invalidate() or is there any better way to do it? Markus -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-ma

RE: authentication based on linux user accounts

look at tomcat's PAM integration... -- Tomasz M. Ciolek Systems Administrator - CSIRO Entomology Phone: 02-62464391 * Fax: 02-62464000 > -Original Message- > From: lloyd [mailto:[EMAIL PROTECTED]] > Sent: Friday, 07 June 2002 09:57 > To: tomcat-user > Subject:

authentication based on linux user accounts

How can I set up tomcat to authenticate against linux user accounts, and to tie roles to linux groups? thx -- To unsubscribe, e-mail: For additional commands, e-mail:

Help: SSL with client authentication

Hi, I know that this is a hot topic, and I searched all archives I could, but still could not find out why this is not working. I am trying to set up Tomcat to use server *and* client side certificates. I am following the SSL-Howto. When I setup only the server certificate, everything is OK, but

Re: form based authentication and remote user

PLEASE REMOVE ME FROM YOUR MAILING LIST. I DO NOT KNOW YOU. THANK YOU... - Original Message - From: "Miguel Angel Medina Lopez" <[EMAIL PROTECTED]> To: "Tomcat Users" <[EMAIL PROTECTED]> Sent: Wednesday, June 05, 2002 8:30 AM Subject: form based authentic

form based authentication and remote user

Hi all: I'm using form-based authentication with tomcat 3.2.3. I have a form to register the users and I want to set the remote user and role when they register to they can access private zones that are protected with the form based authentication at this moment. How can I do that? Than

Basic Authentication: Tomcat 4 and IIS 5.0 generates 403 Error

We are trying to get basic authentication to work with Tomcat 4 and IIS 5, however it generates a 403 error instead. Can someone point me in the right direction? We managed to get it working in Tomcat 3.3, but now the pop up just isnt appearing -- it goes straight to the forbidden page. Can

apache module authentication & remote_user

Hi, I am attempting to set up a tomcat 4.0.3 server to work with apache 1.3.x and an apache module for kerberos authentication. (both servers are on solaris) On successful authentication the remote_user variable in apache is populated. I thought that this should be passed to tomcat as a

Re: Authentication with Tomcat + Apache

> By the way, do you think that it's best to have the protected files on > my Apache server with HTTP Authentication with a login/pass what Tomcat > is aware of so Tomcat can get the resource and then send it to the user > or is it better to have the files inside WEB/INF fo

Re: Authentication with Tomcat + Apache

Thank you. This was exactly what I was looking for. I thought that by opening a file for a servlet and then returning it like a stream to the client whould take too much resources but it also seemed like the only way I could whink of except for some kind of HTTP Authentication. But I haven&#

Re: Authentication with Tomcat + Apache

> What would be the best sollution if I have resources (non-HTML like > movies etc.) which I want to protect with a custom made authentication? use Servlets. serve binary data as the output stream instead of text/html . You can authenticate and do all your other "ok, is this person

Authentication with Tomcat + Apache

What would be the best sollution if I have resources (non-HTML like movies etc.) which I want to protect with a custom made authentication? I have a servlet which takes care of my authentication and I want this servlet to be able to either grant or permit access to a resource based on wheter

Form based authentication, cookies not being served??

Hello, When using form based authentication, it appears that cookies are not being written to the client. In my server.xml, noCookies=false, and the client browsers have cookies enabled. Can anyone shed any light here? Using JBoss 2.4.4 w/ embedded Tomcat 3.2.3. Struts also. Thanks

Cookies not working w/ Form Based Authentication 3.2.3

Hello, When using form based authentication, it appears that cookies are not being written to the client. In my server.xml, noCookies=false, and the client browsers have cookies enabled. Can anyone shed any light here? Using JBoss 2.4.4 w/ embedded Tomcat 3.2.3. Thanks, Roland Roland

Tomcat authentication using Microsoft SQL Server.

I am using FORM authentication on my web application. I have everything set up nice. My customer requests that the authentication be done against the given users and roles table in the SQLServer. I thought it was no large task. The users table I found out to be was sysusers per database

Re: DIGEST authentication problem

: Client: MZ-0.9.9/Deb-2.2r5 Server: Apache 1.3.24/Deb-2.2r5 Auth: DIGEST Hope this helps... Larry >>> [EMAIL PROTECTED] 05/29/02 01:45AM >>> Hello, We have an authentication problem using Tomcat. Briefly, we have set up a simple webapp with DIGEST authentication.

DIGEST authentication problem

Hello, We have an authentication problem using Tomcat. Briefly, we have set up a simple webapp with DIGEST authentication. It works fine with IE5, but it fails on Mozilla. We have also tested Mozilla on an Apache Http server with DIGEST authentication, and it works! So, we assume that there is

Authentication with Apache

/app/secure/ to some valid users using apache basic authentication with a htpasswd-file. So I set up something like this : AuthType Basic AuthName "Secure Area" AuthUserFile /usr/local/apache/conf/secure.passwd Require valid-user WarpConnection con l

tomcat form based authentication in an apache environment

Hi I want to use tomcat's form based authentication in apache/tomcat environment but still let apache serve all the static content (for performance reasons). I am using tomcat4 with apache 1.3 and the mod_jk module. I have found that in order to trigger the form based authentication, I ha

Tomcat 4.0.3 + mod_webapp + FORM authentication

Hi, I'm having a problem with authentication to my webapp when accessing it through Apache. I have my realm setup in server.xml to use JDBC (accessing a PostgreSQL database), and based the security constraints in my web.xml from the security example provided with Tomcat. - Apache is ru

Web server authentication fails with WarpConnector

Hi, Can I use Apache web server (1.3.24) to do the authentication and use WarpConnector to forward request to Tomcat 4.0.3 ? In my apache(1.3.24) and tomcat (4.0.3) application server configuration, I am using WarpConnector to handle the jsp/servlet pages. I would like to ask Apache web

Tomcat Client Authentication...

Hi, Trying to enable client authentication on Tomcat 3.2.3 but failed. Normal SSL work find until I turned the 'clientAuth' to 'TRUE'. Tried with Tomcat 4.0.3 too but same result. It seems like that Tomcat is unable to get hold of the client certificates. I am using SOAP cl

Re: REPOST - Digest Authentication with Memory Realm

Hi Shimon, Those browser versions probably don't support Digest authentication. The default is Base 64 encoding (not encryption) so at least your password don't go as clear text. If you don't want to use HTTPS you'll have to use form based authentication and put an ap

REPOST - Digest Authentication with Memory Realm

As nobody answered this question the first time around lets have another go ! Using the default memory realm I have modified the Tomcat server.xml to store the passwords encrypted as follows : This works fine. For my tests I would also like to use digest authorization to transfer the password

Digest authentication with Memory Realm

Using the default memory realm I have modified the Tomcat server.xml to store the passwords encrypted as follows : This works fine. For my tests I would also like to use digest authorization to transfer the password over the wire. To do this I put the following in my web.xml file DIGES

RE: Customising the logic behind Container Authentication (j_security_check)

j_security_check should work with all containers. Custom authentication will work with all containers as long as you don't use any server specific code (casting an object to a tomcat object...). Like I said, I am doing custom auth and am quite happy with it. Abe -Original Message-

Re: Customising the logic behind Container Authentication (j_security_check)

should work in all containers. Is this the case? I hope I'm right in assuming that custom authentication should work in all containers as well. I will look into custom auth, but not just yet. My attitude towards this current project is to get each section working before considering implementi

RE: Customising the logic behind Container Authentication (j_security_check)

Joel, I wouldn't use the Security in the spec - ie don't use j_security_check servlet... Write your own authentication mechanism that will tie into this third party. You can write a filter (as of servlet spec 2.3) that will restrict access to certain url by first redirecting them

Customising the logic behind Container Authentication (j_security_check)

Hi there, The webapp I'm currently developing uses the j_security_check method of authentication. That is, when authentication is required (ie: when a client tries to access a restricted resource) the client gets directed to the file specified in the tag in my web.xml file - in this case

Odd authentication problems

I'm using Tomcat 4.0.1 on a RedHat Linux 7.2 It uses a database Realm to look up user names and roles. The backend of it is a Mysql database 3.23.41 My problem is this: When I am at work and testing my JSP pages, I login (all defined roles are in web.xml) into my page. It works fine every time

RE: HELP! BASIC authentication and security-constraint issue, 3.2.3

Sorry, my tomcat-users.xml should read: -Original Message- From: Roland Chan [mailto:[EMAIL PROTECTED]] Sent: April 30, 2002 1:06 PM To: '[EMAIL PROTECTED]' Subject: HELP! BASIC authentication and security-constraint issue, 3.2.3 Hello, I'm having an issue wit

HELP! BASIC authentication and security-constraint issue, 3.2.3

Hello, I'm having an issue with testing BASIC authentication with 3.2.3. Althought the window prompting for username and password appear, regardless of the values it always allows access to the requested page. Can anyone point me in the right direction. I am currently using JBOSS with emb

Problems with authentication and encryption

I'm running Tomcat 4.0.3 standalone and I've tried to enable encryption and authentication (BASIC) on a jsp-page. I've currently only tested this with IE 6. Without encryption everything works fine. I simply type in the access-restricted URL, a BASIC-authentication requeste

Re: answer: HTTP authentication headers behavior expectations

; on 04/23/2002 05:27:24 PM Please respond to "Tomcat Users List" <[EMAIL PROTECTED]> To:Tomcat Users List <[EMAIL PROTECTED]> cc: Subject:answer: HTTP authentication headers behavior expectations this is HTTP AFAIK the only way a browser can send BASIC authentica

Authentication and Closing Browser Windows

n and respond with a 401 to get the username and password again. Pretty simple actually and will work regardless of the use of Basic Browser based authentication. If someone already posted this, I apologize... Joseph Molnar http://www.codesta.com/ -- To un

Re: answer: HTTP authentication headers behavior expectations

end BASIC authentication credentials is: > 1) you send them a 401 and the browser prompts the user > 2) you format all your links as http://user:[EMAIL PROTECTED]/ but i am not > even sure if all browsers will "correctly" use this, at least in the fashion > you're intending. > > M

answer: HTTP authentication headers behavior expectations

this is HTTP AFAIK the only way a browser can send BASIC authentication credentials is: 1) you send them a 401 and the browser prompts the user 2) you format all your links as http://user:[EMAIL PROTECTED]/ but i am not even sure if all browsers will "correctly" use this, at least in t

Authentication - is there a way to tell the browser to send a Authorizationheader?

Is there a way using a servlet/jsp to tell the browser to send the Authorization request header without sending a prior "401 Authorization required" reponse header. Well it goes like this: We have a Basic Authentication setup on some of our resources. We would like the user to

<    8   9   10   11   12   13   14   15   16   17   >